Distributors of spam, phishing attacks, and malware have traditionally dispersed unsolicited and potentially harmful messages through self-created email accounts. While attackers may create these accounts to appear legitimate, messages that originate from unfamiliar accounts may be more easily identified as suspicious by potential victims. As such, some attackers aim to increase the success of their attacks by hijacking the private accounts of other email users through exploiting security weaknesses (e.g., social engineering, intercepting communications, etc.). Once attackers have access to a private account, they may distribute convincing attacks from email addresses familiar to their victims.
Many traditional techniques of detecting spam and malware rely on identifying illegitimate email sources once they have been distributed to a recipient. For example, some anti-spam systems quarantine or block email originating from unfamiliar or unapproved sources. In addition, some techniques verify the origin of an email by analyzing cryptographic signatures contained within the messages. However, these techniques may not be effective against attackers that have gained access to a legitimate account. As such, the instant disclosure identifies a need for additional and improved systems and methods for detecting compromised messaging accounts.